<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Setting up TLS on a cluster | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'ssl-tls.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/ssl-tls.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/ssl-tls.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/ssl-tls.html" rel="nofollow" target="_blank">../en/ssl-tls.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="secure-cluster.html">Secure a cluster</a></span>
»
<span class="breadcrumb-link"><a href="encrypting-communications.html">Encrypting communications</a></span>
»
<span class="breadcrumb-node">Setting up TLS on a cluster</span>
</div>
<div class="navheader">
<span class="prev">
<a href="encrypting-communications.html">« Encrypting communications</a>
</span>
<span class="next">
<a href="configuring-tls.html">Encrypting communications in Elasticsearch »</a>
</span>
</div>
<div class="section">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="ssl-tls"></a>Setting up TLS on a cluster<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/security/securing-communications/setting-up-ssl.asciidoc">edit</a>
</h2>
</div></div></div>
<p>The Elastic Stack security features enable you to encrypt traffic to, from, and
within your Elasticsearch cluster. Connections are secured using Transport Layer Security
(TLS), which is commonly referred to as "SSL".</p>
<div class="warning admon">
<div class="icon"></div>
<div class="admon_content">
<p>Clusters that do not have encryption enabled send all data in plain text
including passwords. If the Elasticsearch security features are enabled, unless you have a trial license, you must configure SSL/TLS for internode-communication.</p>
</div>
</div>
<p>The following steps describe how to enable encryption across the various
components of the Elastic Stack. You must perform each of the steps that are
applicable to your cluster.</p>
<div class="olist orderedlist">
<ol class="orderedlist">
<li class="listitem">
Generate a private key and X.509 certificate for each of your Elasticsearch nodes. See
<a href="configuring-tls.html#node-certificates" class="ulink" target="_top">Generating Node Certificates</a>.
</li>
<li class="listitem">
Configure each node in the cluster to identify itself using its signed
certificate and enable TLS on the transport layer. You can also optionally
enable TLS on the HTTP layer. See
<a class="xref" href="configuring-tls.html#tls-transport" title="Encrypting communications between nodes in a cluster">Encrypting communications between nodes in a cluster</a> and
<a class="xref" href="configuring-tls.html#tls-http" title="Encrypting HTTP client communications">Encrypting HTTP client communications</a>.
</li>
<li class="listitem">
Configure the monitoring features to use encrypted connections. See <a class="xref" href="secure-monitoring.html" title="Monitoring and security">Monitoring and security</a>.
</li>
<li class="listitem">
Configure Kibana to encrypt communications between the browser and
the Kibana server and to connect to Elasticsearch via HTTPS. See
<a href="https://www.elastic.co/guide/en/kibana/7.7/using-kibana-with-security.html" class="ulink" target="_top">Configuring security in Kibana</a>.
</li>
<li class="listitem">
Configure Logstash to use TLS encryption. See
<a href="https://www.elastic.co/guide/en/logstash/7.7/ls-security.html" class="ulink" target="_top">Configuring security in Logstash</a>.
</li>
<li class="listitem">
Configure Beats to use encrypted connections. For example, see
<a href="https://www.elastic.co/guide/en/beats/filebeat/7.7/securing-filebeat.html" class="ulink" target="_top">Configure Filebeat to use security features</a>.
</li>
<li class="listitem">
Configure the Java transport client to use encrypted communications.
See <a class="xref" href="java-clients.html" title="Java Client and security">Java Client and security</a>.
</li>
<li class="listitem">
Configure Elasticsearch for Apache Hadoop to use secured transport. See
<a href="https://www.elastic.co/guide/en/elasticsearch/hadoop/7.7/security.html" class="ulink" target="_top">Elasticsearch for Apache Hadoop Security</a>.
</li>
</ol>
</div>
</div>
<div class="navfooter">
<span class="prev">
<a href="encrypting-communications.html">« Encrypting communications</a>
</span>
<span class="next">
<a href="configuring-tls.html">Encrypting communications in Elasticsearch »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>